Skip to content

General

189 results found

  1. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Somehow add suspected breaches

    Since I use a seperate email address for every domain I register for (forum/webshops) I have a fairly good picture of breached sites (currently many forum sites). Is there a way to add/investigate/report these?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. Please reconsider including leaked password in Notification Emails. Consider letting users opt in.

    Your users should treat this password as public information, as should you. If you are concerned about storing this information, then delete the leaked passwords once the notification emails have been sent.

    The beneficial impact of all users knowing exactly which of their passwords have been leaked is likely much greater than the dangers of your copy of the passwords being leaked since these passwords are already in the open and should be treated as public information.

    If you still feel against this, then please at least make it an opt in option. Let people opt in to agreeing to…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    It’s just too risky to handle this sort of data in a publicly facing service and not be able to store it as a secure cryptographic hash. Opting in would made a large amount of additional work to service a very small portion of the overall accounts in a breach.

  4. Catch all

    Implement support for catch all email addresses. I use a different mail address per website I register to. Its all on the same domain that is configured to support catch all e-mail. In theory I could use an UUID email adres per website.

    In order to proof you are the owner you could send a verification mail to a random mailadres for the given domain.

    3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Allow notifications for an entire domain or allow a way to pull the domain report without having to verify every time.

    We have access to a private feed of password dumps that we query every day automatically so we can proactively notify our users of account compromises. It would be really cool if we could also query haveibeenpwned in a similar fashion without having to manually verify domain ownership each time. This would allow us to automate the retrieval of the report.

    Another option would be to allow people to sign-up for domain wide notifications similar to how you allow people to sign-up for individual account notifications.

    Either way, the goal is to automatically receive or retrieve the information so we…

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. Charge for the service

    Good service but I think you need $ to improve it.
    A user could be charged a small amount, around €1, for the release of information related to a security breach.
    The basic account could be free but the user would have to pay for advanced services.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. Notify email owner privately to limit malicious intents

    I like the fact that I get to know if my email is pwned in any of the latest breaches (so opting out is not really an option), but I can see a malicious intent here as well.

    Say a hacker needs to get access to my email account, then the first thing to try is your service to know if my password exists in any of the known breaches, even though I might change it but some users won't or it may be easily guessable.

    My idea is, when the user enters their email address, send the results by…

    41 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. Esso Canada called me regarding their speedpass rewards program being compromised. Not sure if it's a one-off or more than that.

    customer service said that someone accessed my account, changed the email address on file, then proceeded to order e-gift cards.

    Can you check into it if possible?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Provide an email address to send you PROBLEMS with your confirmation system

    I tried to set up a notification to my email, but the confirmation email you sent came in without a link (twice). I would have liked to notify you privately, but can't find any email on your site to write to privately! I use webmail on a HostGator hosted domain that I own, but the email comes in with text and a big blue banner where the link should be, but no link.

    0 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  11. Incomplete Data

    One of my several email id has been part in one of the data leak but searching here shows that it is not. This shows there is some discrepancy in data you refer to. I can not reveal much publicly here but you can reach out to me and i shall share more details.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  12. Include email addresses (or some info) for domain notifications

    If you're doing a domain notification (notifying of any info for your domain that becomes compromised), you'd like to relay concerns to your users when those alerts come up. Right now, we're just getting a number of accounts, rather than the actual specifics. Even listing email addresses would help.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  13. Ok, so I've been pwned, now what?

    Is there a means of fixing the issue?

    Can I get my name off the pwned list? (without opting out)

    Would it help to contact the pwned website(s) with my data?

    Thanks

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  14. Stop sending bogus emails

    I've had emails saying that both my tumblr and MySpace accounts have been breached, however I don't have accounts on either system.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  15. acknowledge option

    Hi,
    It will be nice to have an "acknowledge" option if i subscribe - so when i see list of sites/accounts i changed my password too i would be able to acknowledge and then see only new threats as red

    thanks,

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  16. Add URL for a certain paste

    Using the crowd, I have finally solved the mystery which database a certain paste represents: http://security.stackexchange.com/questions/108191/what-can-i-do-if-i-discover-that-my-password-hash-has-been-leaked-in-pastebin

    Can I/Could you add that information?

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  17. Add wpengine.com breach

    There was a breach on wpengine.com, maybe data about accounts will be available somewhere
    https://wpengine.com/support/infosec/

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  18. RSS feeds not working/validating

    Thunderbird refuses to open either your breaches or pastes RSS feeds, claiming failed validation. The w3c feed validator fails both: https://validator.w3.org/feed/
    Whether they are broken or not is beyond my experience :-)

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    declined  ·  1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  19. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  20. Unsubscribe button please

    This service is awesome and user will be warned if they are pwned.
    But the registration confirmation email says "...and you can unsubscribe at any time if you don't want the notifications."
    Please, make an unsubscribe button. I can't find any unsubscribe button or form on the website or in the email.
    Thanks.

    1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?

General

Categories

Feedback and Knowledge Base